
SSO using JSON POST?

coriolis_75734
Nimbostratus

Is it possible using APM to create a JSON payload containing the username/password to be used on particular start URIs? We have an app which requires this as the POST on the sign-in page and I'm trying to SSO with the known user credentials.

 

10 REPLIES

coriolis_75734
Nimbostratus

Further information:

 

JSON:

 

{"parameters":[{"name":"CAMNamespace","value":"NamespaceName"},{"name":"h_CAM_action","value":"logonAs"},{"name":"CAMUsername","value":"USERNAME"},{"name":"CAMPassword","value":"PASSWORD"}]}

 

Josiah_39459
Historic F5 Account

Does the app have a logon page? If there is a logon page then formsv2 should work in most instances. It works just like a user would logging into the page and automatically submitting the form.

 

If the ONLY way to log on is posting JSON to a specific URL (and there is no UI interface for it), you could still do that via a sideband iRule.

 

Hi,

 

You can use an iRule to build a POST request with a JSON payload and send it using the sideband commands.

 

You can also use an HTTP Authentication object (in the AAA tab) and build your request headers and payload. HTTP Authentication can be triggered from within the VPE only.

 

If you need to trigger the SSO after the authentication process completes, you can only use an iRule or iRules LX.

 

Yann

 

The-messenger
Cirrostratus

Where can I find out more on this? I have apps with their own login page, one is mobile, I need to secure these with APM. I realize this isn't a checkbox solution but where can I find info on how to do the steps in the process?

 

There are several threads where someone is doing the same, with no answers. I've been working, trial and error with a mobile app, trying to capture the creds and submit to the mobile app server. There's a lot of trial and error. Documentation on this process would be great.

 

youssef1
Cumulonimbus

Hi,

 

As I mentioned Yann, the use of SIDEBAND is a good compromise for this kind of situation. In the past I already had to make iRules to overcome this problem because basic SSO profiles did not meet my needs.

 

And in some cases, in addition to the SSO, I had to replay some headers (CSRF).

 

Now I have gained some comfort with this kind of need, so if you need help on the subject I can provide it (try to build an iRule).

 

Keep me in touch.

 

Regards

 

Hi  ,

Can you explain how you did this with the sideband rule?

The-messenger
Cirrostratus

Josiah, what is formsv2?

 

Hi, Josiah may refer to Form Based SSO or Client Initiated Form Based SSO. Those are the only two options available for HTTP forms SSO. Traditional Forms SSO can fit if there is no dynamic hidden input in the form. Client Initiated Forms SSO helps when Traditional Forms SSO won't work.

 

Hope it helps

 

Yann

 

Abed_AL-R
Cirrostratus

Hello guys

I have a problem in the form based which I think is related to this topic

Using APM v13.1, when I create a form based for a web application configured in the portal access, I get this error message from the web application:

{"Message":"The request entity's media type 'application/x-www-form-urlencoded' is not supported for this resource."}

Does this mean I should customize the web application code to accept x-www-form-urlencoded for the form based to work?

 

Thanks

Hi

 

I am facing the same issue. Were you able to fix it? Can you share the steps?

 

thanks
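
The request a sideband iRule would have to assemble for this application, shown as an added example that is not from any poster in this thread: it builds the JSON logon body posted above with proper escaping and sends it as `application/json`, which is what the media type error above is asking for. It is written in Python so it runs offline; the host, path and credentials are constructed sample values, and the helper names are hypothetical.

```python
import json

# Parameter names are taken from the JSON posted in the thread.
PARAM_ORDER = ("CAMNamespace", "h_CAM_action", "CAMUsername", "CAMPassword")

def naive_body(namespace, username, password):
    """Template substitution: breaks as soon as a value contains '"' or a backslash."""
    tpl = ('{"parameters":[{"name":"CAMNamespace","value":"%s"},'
           '{"name":"h_CAM_action","value":"logonAs"},'
           '{"name":"CAMUsername","value":"%s"},'
           '{"name":"CAMPassword","value":"%s"}]}')
    return (tpl % (namespace, username, password)).encode("utf-8")

def safe_body(namespace, username, password):
    """Let a JSON encoder do the escaping; return UTF-8 bytes."""
    values = dict(zip(PARAM_ORDER, (namespace, "logonAs", username, password)))
    doc = {"parameters": [{"name": n, "value": values[n]} for n in PARAM_ORDER]}
    return json.dumps(doc, separators=(",", ":"), ensure_ascii=False).encode("utf-8")

def build_request(host, path, body):
    """Raw HTTP/1.1 request as a sideband connection would have to send it."""
    head = (f"POST {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Content-Type: application/json\r\n"   # not application/x-www-form-urlencoded
            f"Content-Length: {len(body)}\r\n"      # counted in bytes, not characters
            "Connection: close\r\n\r\n")
    return head.encode("ascii") + body

def parse_request(raw):
    """Split a raw request into (header dict, body bytes) for checking."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")[1:]
    headers = {k.lower(): v.strip() for k, v in (l.split(":", 1) for l in lines)}
    return headers, body

def is_valid_json(raw):
    try:
        json.loads(raw.decode("utf-8"))
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample credentials, host and path.
    pw = 'p"ss\\wörd'
    req = build_request("app.example.com", "/login", safe_body("NamespaceName", "jdoe", pw))
    print(req.decode("utf-8"))
    print("naive body valid JSON:", is_valid_json(naive_body("NamespaceName", "jdoe", pw)))
```

The same two rules apply when the request is built in an iRule: escape every credential value before it goes into the JSON string, and compute Content-Length from the encoded bytes.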